Hacking & Security Posts - Page 64

Things do not look good as Sears Holding Corp said on Friday that its Kmart retail chains customer database may have been compromised last month. As a result, some of its customer's credit card and debit card details may have been stolen.

The company said on Friday that its Kmart's servers was affected by a malware. Kmart was not able to say how many customers are affected, and according to their investigation so far, no debit card pin numbers, email and phone contacts, social security number and personal information was stolen.

But, to be on the safe side, Kmart made an announcement that it will be providing a free credit-monitoring service for its customers who used a debit or a credit card during since last month until Thursday. Customers can then call Kmart customer service and report the unauthorized charges immediately. In the meantime, the company hired a security firm to look into the matter while working with its banking partners and federal authorities.

New anti-theft technologies for smartphones and tablets allow owners to lock and remotely wipe their device, but these solutions are giving suspects the ability to secure seized devices. Several police agencies in the UK recently reported that devices previously seized as evidence were wiped, all of them while in police custody.

"There were six incidents, but we don't know how people wiped them," said a spokesperson from the Dorset police department in the UK. "We have cases where phones get seized, and they are not necessarily taken from an arrested person - but we don't know the details of these cases as there is not a reason to keep records of this."

If this becomes a widespread problem, police need to change their practices, which should begin with putting all seized electronics in a radio-frequency shielded bag.

Hackers aren't only interested in embarrassing celebrities, as thousands of pictures and videos were stolen from Snapchat users and will be posted online. The online service was quick to confirm its servers weren't breached, however, users of third-party Snapchat apps were targeted - and will be posted online in a searchable database.

Unfortunately for the users, they believed the images were quickly purged after being sent - instead, "The Snappening" will be posted on 4chan and other websites soon enough.

"We can confirm that Snapchat's servers were never breached and were not the source of these leaks," a Snapchat spokesperson recently said. "Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users' security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed."

Chinese officials are angry at the United States for allegedly inflating the real-world cost of defending against cyberattacks blamed on China. The U.S. government and private sector companies are routinely targeted by foreign hackers, with the cost of data breaches sometimes in the billions of dollars, though Beijing not surprisingly rejects those claims.

"We express strong dissatisfaction with the United States' unjustified fabrication of facts in an attempt to smear China's name and demand that the U.S.-side cease this type of action," said Hong Lei, Chinese Foreign Ministry spokesperson. "We also demand that the U.S. side cease its large-scale systematic Internet attacks on other countries. The United States tries to divert attention by crying wolf. This won't succeed."

Former NSA contractor Edward Snowden will speak via video chat during the Observer Ideas festival this weekend in the UK. An Observer technology columnist will ask questions to Snowden regarding technology, privacy, and other issues - and will be the first time Snowden has answered questions or been invited to an event in England since revealing mass surveillance activities by the NSA.

"We need to figure out how (and whether) societies can reassert effective democratic control over our security agencies, whether the technology that has enabled comprehensive surveillance can be re-engineered to protect privacy; how our law-making in these areas could be improved, and whether citizens can be persuaded to take an interest in these matters before it's too late," said John Naughton, Open University professor of the public understanding of technology.

As Snowden remains safely tucked away in Russia, the American whistleblower has become more vocal during media interviews and video-linked public appearances.

Cybercriminals are targeting ATMs in Russia and Eastern Europe with the Tyupkin malware, compromising the cash dispensing machines. More than 50 ATMs were running with the malware, but it has spread to the United States, France, India, China, Israel and Malaysia.

The ATMs need to be physically accessed by the criminals, with a bootable CD containing the malware deployed - with those responsible infecting the ATMs on Sunday and Monday nights, ensuring their faces are covered.

"The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure," said Vicente Diaz, Kaspersky Lab Global Research and Analysis Team principal researcher. "We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions."

Reports from the Chinese state media indicate the Chinese military plans to further improve its cybersecurity efforts, while also putting an emphasis on domestic software development. There is concern that the Internet and current cybersecurity is dominated by Western countries, and not enough is being done in China to promote development.

Major Chinese universities have highly educated students, and they will be called upon to help develop domestic software.

"Information security must be considered an underlying project in military battle preparedness," said the People's Liberation Army Daily. "We will strongly advance the domestic and independent building of programs, and strengthen the foundations of our information security."

Millions of network-connected electricity meters used in Spain are susceptible to cyberattack by hackers, according to security researchers. The vulnerabilities could lead to electricity being terminated - or billing fraud - if hackers are able to access the smart meters.

The Spanish government has relied on these electricity meters to improve national energy efficiency, but didn't put a large enough emphasis on security efforts. The memory chips in the smart meters are reprogrammable and include flawed code, though the researchers won't outline what they did specifically until the problems are fixed.

"Oh wait? We can do this? We were really scared," said Javier Vazquez Vidal, a security expert involved in the smart meter research. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?"

Actress Jennifer Lawrence is still extremely upset about the celebrity hacking scandal in which pictures of multiple actresses were leaked online. Lawrence recently told Vanity Fair that the cybercriminal activity, which targeted Apple iCloud accounts, is a "sex crime."

"It is not a scandal. It is a sex crime. It is a sexual violation. It's disgusting. The law needs to be changed, and we need to change. That's why these websites are responsible."

The stolen photos were posted on Reddit and 4chan, and quickly went viral among other websites. Poor judgment aside, that still doesn't necessarily mean celebrities deserved to have their personal photos stolen - but is yet another warning to regular users to be careful about where these types of photos or videos are stored.

The Chinese government is on the top of the list of foreign groups targeting the United States with cyberattacks, according to a recent statement issued by FBI director James Comey. Cyber espionage allows Chinese companies to copy and steal technologies so they do not need to innovate themselves, as the number of daily cyberattacks only increases.

"Well, I don't want to give you a complete list," Comey recently said in his interview with CBS News. "But I can tell you the top of the list is the Chinese. As we have demonstrated with the charges brought earlier this year against five members of the People's Liberation Army. They are extremely aggressive and widespread in their efforts to break into American systems to steal information that would benefit their industry."

It's not a surprise that China is a top threat that the U.S. government is watching - but is a strong signal that after years of burying their heads in the sand, officials understand they must improve critical infrastructure to reduce data breaches from state-sponsored cybercriminals.